The newest product in the ACS family is the CSACS appliance. The ACS appliance is a 1U rack-mountable server that runs a hardened version of the Windows 2000 server operating-system kernel. | The ACS appliance runs on a hardened Windows 2000 operating system. | Given that the ACS appliance runs on Windows, you might expect a normal Windows GUI login screen. This screen is not what you get. You can still access and configure the ACS appliance with a GUI browser, however. | The ACS appliance does not support a Windows GUI login. | There are other unusual aspects to the ACS appliance. You cannot use some ports, such as the keyboard port, the monitor/video port, and the second serial port. You can access the first serial port for console connections. You cannot access the ACS file system. Only the ports necessary for ACS appliance operation are opened; the others are filtered (blocked). | If the ACS appliance crashes, it automatically reboots. | | The appliance monitors ACS services and any failed service is restarted automatically. | Only specific, essential services are enabled on the ACS appliance. The following services are enabled: COM+ Event System, Dynamic Host Configuration Protocol (DHCP) Client, Domain Name System (DNS) Client, Event Log, IP Security (IPSec) Policy Agent, License Logging Service, Logical Disk Manager, Network Connections, Plug and Play, Protected Storage, Remote Procedure Call, Removable Storage, RunAs Service, Security Accounts Manager, Server, System Event Notification, Telnet, Windows Management Instrumentation, and Windows Management Instrumentation Driver Extensions. | Know the ACS appliance services that are enabled and, as a consequence, those that are not. | Notice that Internet Information Services (IIS) is not listed as an enabled service. Cisco knows how to harden a Windows operating system. |